DFIR Lead

4 weeks ago


Dubai, United Arab Emirates Help AG Full time

Help AG is looking for a talented and enthusiastic individual to join as a DFIR Lead for our Defense Operations team within our Managed Security Services (MSS) business unit. If you have a strong knowledge and interest in incident response and/or digital forensics, this position might be the right one for you.

The DFIR Lead will be responsible for leading the DFIR team and performing off-site and on-site Incident Response activities and customer engagements, leveraging multiple security technologies, guiding and leading customers in the handling of Security Incidents and examining IT and security systems using best-practice digital forensic methods to detect, validate and mitigate IT security related incidents.

**Responsibilities**:

- Lead and mentor the DFIR team and act on daily management tasks.
- Lead and coordinate incident response activities in unknown environments, including triage, containment, eradication, and remediation.
- Conduct in-depth forensic investigations to determine the root cause of security incidents and breaches.
- Develop and maintain standard incident response plans, best practices, policies, and procedures.
- Develop custom incident response plans tied to specific environments and customer situations.
- Collaborate with cross-functional teams, including IT, legal, and management, to ensure a coordinated response to security incidents.
- Examine and analyse logs/data from a broad variety of security technologies, such as but not limited to antivirus, IDS/IPS, firewalls, switches, VPNs and other security data and log sources.
- Perform forensic analysis of different artifacts including RAM, packet captures, logs and disk images.
- Reverse engineer malicious software and develop signatures and indicators of compromise.
- Actively develop incident response tools, scripts, and various detection content.
- Research Red Team techniques, develop custom detection queries, rules, watchlists and other content, and conduct threat hunts.
- Articulate and execute common Incident Response methods (e.g. SANS).
- Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
- Work on-site as required with clients during Live Security Incidents (could be out of country).
- Maintain a high degree of awareness of the current threat landscape.
- Champion excellence and support others in delivering it through active knowledge sharing with team members, writing technical articles for internal knowledge bases, blog posts and reports as required or requested.
- Create and present customer reports to ensure quality, accuracy and value to the client.
- Provide technical expertise and guidance to junior incident response and forensic investigation team members.
- Stay current with industry trends, emerging threats, and best practices in incident response and digital forensics.
- Perform other essential duties as assigned.

**Qualifications & Skills**:

- A degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree.
- A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
- Broad knowledge of the type of events that Firewalls, IDS/IPS and other security related devices produce.
- Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using custom tools and scripts.
- Static reverse engineering and analysis of malware written in different languages (X86/X64/C/C#, Go, etc.), signatures and Yara/Snort/Sigma rules development.
- Strong knowledge of Red Team tactics and ability to find adversary traces on Enterprise scale.
- Rapid development in scripting languages: Python/PowerShell/Bash.
- Deep TCP/IP knowledge, networking and security product experience.
- Knowledge of attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.
- CISSP, GCIA, GCIH, GCFA, GCFE, GREM, OSCP certification would be preferable.
- 10+ years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, malware analysis, reverse engineering or threat detection.
- Demonstrable experience in handling Incident Response engagements (APTs and Ransomware) using the SANS Incident Response method (or similar).
- Strong background or equivalent experience in four of the following: Security Threat and Event Analysis, Network Security Operations or Engineering, Reverse Engineering, Malware Analysis, Windows/Linux/OSX Forensics, Penetration Testing, Active Directory and Azure Administration.
- At least 2-3 years of experience as a Senior or Lead Analyst, or equivalent experience guiding, mentoring and teaching other Analysts/Security Professionals how to handle Security Incidents.

**Benefits**:

- Health insurance with one of the leading global providers for medical insura
